PostShell – Post Exploitation Bind/Backconnect Shell

PostShell is a post-exploitation shell that includes both a bind and a back connect shell. It creates a fully interactive TTY which allows for job control. The stub size is around 14kb and can be compiled on any Unix-like system. Why not use a traditional Backconnect/Bind Shell? PostShell allows for easier post-exploitation by […]

BeRoot – A Post Exploitation Privilege Escalation Tool

BeRoot is a post-exploitation tool to check for common misconfigurations which can allow an attacker to escalate their privileges. The main goal of BeRoot is to print only the information that has been found as a possible way for privilege escalation rather than a configuration assessment of the host by listing all services, all processes, […]

RedGhost – Linux Post Exploitation Framework

Linux post-exploitation framework designed to assist red teams in gaining persistence, reconnaissance and leaving no trace. RedGhost Features Payloads Function to generate various encoded reverse shells in netcat, bash, python, php, ruby, perl lsWrapper Function to wrap the “ls” command with a payload so the payload runs every time “ls” is run, for persistence Crontab Function to […]

Bashark – Bash Post Exploitation Toolkit

Bashark aids pentesters and security researchers during the post-exploitation phase of security audits. Usage To launch Bashark on a compromised host, simply source the bashark.sh script from the terminal: $ source bashark.sh Then type help to see Bashark’s help menu Features Single Bash script Lightweight and fast Multi-platform: Unix, OSX, Solaris etc. No external dependencies Immune to […]

CrackMapExec – Post Exploitation tool for Active Directory Networks

CrackMapExec (CME) is a post-exploitation tool that can be used for tasks like cracking administrative rights and mapping Active Directory networks. Active Directory is a Windows OS utility that provides services like protocols to access other directories in the network, security services through SSL and Kerberos authentication, organizational data storage in a centralized location, and […]

Bashark – Post Exploitation Toolkit Written in Pure Bash

Bashark aids pentesters and security researchers during the post-exploitation phase of security audits. Usage To launch Bashark on a compromised host, simply source the bashark.sh script from the terminal: $ source bashark.sh Then type help to see Bashark’s help menu Features Single Bash script Lightweight and fast Multi-platform: Unix, OSX, Solaris etc. No external dependencies Immune to […]

p0wnedShell – PowerShell Runspace Post Exploitation Toolkit

p0wnedShell is an offensive PowerShell host application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a PowerShell runspace environment (.NET). It has a lot of offensive PowerShell modules and binaries included to make the process of post-exploitation easier. What we tried was to build an “all […]

Emp3R0R – Linux Post-Exploitation Framework Made By Linux User

Linux post-exploitation framework made by a Linux user. Still under active development. Chinese introduction. Check my blog for updates. How to use. What to expect (in future releases): packer: cryptor + memfd_create; packer: use shm_open in older Linux kernels; dropper: shellcode injector – python; injector: inject shellcode into another process, using GDB; port mapping: forward from […]

BoomER | An Open Source Post-Exploitation Tool To Exploit Local Vulnerabilities

BoomER is a command-line open-source framework fully developed in Python 3.X for post-exploitation of targets with the objective of exploiting local vulnerabilities on the big three OSes (Windows/Linux/Mac). The tool allows for interaction with third-party software like Metasploit to chain attacks together. Installation 1 – Go to the Github Repository 2 – git clone https://github.com/Josue87/BoomER […]

Scavenger – A Post-Exploitation Scanning/Mapping Tool

SCAVENGER is a multi-threaded post-exploitation scanning tool for mapping systems and finding “interesting” and most frequently used files, folders and services. Once credentials are gained, it can scan remote systems (Linux, Windows and OSX) via services like SMB and SSH to scrape that system looking for “interesting” things and then cache the result. SCAVENGER has […]

Empire – Open Source Post-Exploitation Agent Tool

Empire is regarded as one of the most useful frameworks by many penetration testers. It has many different PowerShell and Python agents to use for post-exploitation attacks. Empire offers many post-exploitation modules from keyloggers to Mimikatz. You can deploy advanced cryptographically secure communications between you and your victim to bypass network detection. Installing Empire First things […]

SharpSploit – A .NET Post-Exploitation Library Written in C#

SharpSploit is a .NET post-exploitation library written in C# that aims to highlight the attack surface of .NET and make the use of offensive .NET easier for red teamers. It is named, in part, as a homage to the PowerSploit project, a personal favorite of mine! While SharpSploit does port over some functionality from PowerSploit, […]

EvilOSX – Pure python post-exploitation RAT for macOS & OSX

A pure Python post-exploitation RAT (Remote Administration Tool) for macOS / OSX. Features Emulate a simple terminal instance Undetected by anti-virus (OpenSSL AES-256 encrypted payloads, HTTPS communication) Multi-threaded No client dependencies (pure Python) Persistent Simple extendable module system Retrieve Chrome passwords Retrieve iCloud tokens and contacts Phish for iCloud passwords via iTunes Download and upload files Take a picture using the webcam […]

PhpSploit – Furtive Post-Exploitation Framework

PhpSploit is a remote control framework, aiming to provide a stealthy interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes. The obfuscated communication is accomplished using HTTP headers under standard client requests and the web server’s relative […]

POET – A Simple Post-Exploitation Tool

POET is a simple post-exploitation tool to gain a remote shell on a target machine. The client program runs on the target machine and is configured with an IP address (the server) to connect to and a frequency to connect at. If the server isn’t running when the client tries to connect, the client quietly sleeps […]

Pupy – A Cross-platform Remote Administration and Post-Exploitation Tool

Pupy is an open-source, cross-platform (Windows, Linux, OSX, Android), multi-function RAT (Remote Administration Tool) and post-exploitation tool mainly written in Python. It features an all-in-memory execution guideline and leaves a very low footprint. It can communicate using various transports, migrate into processes (reflective injection), and load remote Python code, Python packages and Python C-extensions from memory. […]

DBC2 (DropboxC2) – A Modular Post-Exploitation Tool, Composed Of An Agent Running On The Victim’s Machine

DBC2 (DropboxC2) is a modular post-exploitation tool, composed of an agent running on the victim’s machine, a controller running on any machine, PowerShell modules, and Dropbox servers as a means of communication. This project was initially inspired by the fantastic Empire framework, but also had the objective of learning Python. Features DBC2 main features: Various […]

Post-exploitation: Mounting vmdk files from Meterpreter

Whenever I get a shell on a Windows system with VMware installed, I feel a certain frustration at not being able to access the filesystem of the available virtual machines. Although it would be possible to download the .vmdk files to my host and mount them locally, this solution is very noisy and heavy due […]